@sonoma-security/mcp-gateway 0.1.0

package/dist/auth/storage.js

@@ -0,0 +1,181 @@
+/**
+ * Secure token storage for MCP Gateway OAuth credentials
+ *
+ * Stores tokens in ~/.sonoma/gateway-credentials.json with AES-256-GCM encryption.
+ * The encryption key is derived from a machine-specific identifier to prevent
+ * tokens from being copied between machines.
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync } from "node:fs";
+import { homedir, hostname } from "node:os";
+import { join } from "node:path";
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";
+const SONOMA_DIR = join(homedir(), ".sonoma");
+const CREDENTIALS_PATH = join(SONOMA_DIR, "gateway-credentials.json");
+const DEVICE_ID_PATH = join(SONOMA_DIR, "device-id");
+// Encryption settings
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const IV_LENGTH = 16;
+const SALT_LENGTH = 32;
+/**
+ * Get or create a stable device ID for this machine
+ */
+function getDeviceId() {
+    ensureSonomaDir();
+    if (existsSync(DEVICE_ID_PATH)) {
+        return readFileSync(DEVICE_ID_PATH, "utf-8").trim();
+    }
+    // Generate new device ID: dev_{random_hex}
+    const id = `dev_${randomBytes(16).toString("hex")}`;
+    writeFileSync(DEVICE_ID_PATH, id);
+    return id;
+}
+/**
+ * Derive an encryption key from machine-specific data
+ */
+function deriveKey(salt) {
+    // Use device ID and hostname as key material
+    const deviceId = getDeviceId();
+    const keyMaterial = `${deviceId}:${hostname()}:sonoma-mcp-gateway`;
+    return scryptSync(keyMaterial, salt, KEY_LENGTH);
+}
+/**
+ * Encrypt data using AES-256-GCM
+ */
+function encrypt(data) {
+    const salt = randomBytes(SALT_LENGTH);
+    const key = deriveKey(salt);
+    const iv = randomBytes(IV_LENGTH);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(data, "utf8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag();
+    // Format: salt:iv:authTag:encrypted (all hex)
+    return [salt.toString("hex"), iv.toString("hex"), authTag.toString("hex"), encrypted].join(":");
+}
+/**
+ * Decrypt data using AES-256-GCM
+ */
+function decrypt(encryptedData) {
+    const [saltHex, ivHex, authTagHex, encrypted] = encryptedData.split(":");
+    if (!saltHex || !ivHex || !authTagHex || !encrypted) {
+        throw new Error("Invalid encrypted data format");
+    }
+    const salt = Buffer.from(saltHex, "hex");
+    const iv = Buffer.from(ivHex, "hex");
+    const authTag = Buffer.from(authTagHex, "hex");
+    const key = deriveKey(salt);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encrypted, "hex", "utf8");
+    decrypted += decipher.final("utf8");
+    return decrypted;
+}
+/**
+ * Ensure the ~/.sonoma directory exists
+ */
+function ensureSonomaDir() {
+    if (!existsSync(SONOMA_DIR)) {
+        mkdirSync(SONOMA_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+/**
+ * Load stored credentials from disk
+ */
+export function loadCredentials() {
+    if (!existsSync(CREDENTIALS_PATH)) {
+        return null;
+    }
+    try {
+        const encryptedData = readFileSync(CREDENTIALS_PATH, "utf-8");
+        const decrypted = decrypt(encryptedData);
+        return JSON.parse(decrypted);
+    }
+    catch (error) {
+        // If decryption fails (e.g., machine changed), return null
+        console.error("[auth] Failed to load credentials:", error);
+        return null;
+    }
+}
+/**
+ * Save credentials to disk (encrypted)
+ */
+export function saveCredentials(credentials) {
+    ensureSonomaDir();
+    const data = JSON.stringify(credentials, null, 2);
+    const encrypted = encrypt(data);
+    writeFileSync(CREDENTIALS_PATH, encrypted, { mode: 0o600 });
+}
+/**
+ * Clear all stored credentials
+ */
+export function clearCredentials() {
+    if (existsSync(CREDENTIALS_PATH)) {
+        unlinkSync(CREDENTIALS_PATH);
+    }
+}
+/**
+ * Convert stored credentials to MCP SDK OAuthTokens format
+ */
+export function toOAuthTokens(creds) {
+    if (!creds.accessToken) {
+        return undefined;
+    }
+    return {
+        access_token: creds.accessToken,
+        token_type: creds.tokenType || "Bearer",
+        refresh_token: creds.refreshToken,
+        expires_in: creds.expiresAt ? Math.floor((creds.expiresAt - Date.now()) / 1000) : undefined,
+        scope: creds.scope,
+    };
+}
+/**
+ * Convert MCP SDK OAuthTokens to stored credentials format
+ */
+export function fromOAuthTokens(tokens, existing) {
+    const expiresAt = tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined;
+    return {
+        ...existing,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token || existing?.refreshToken,
+        expiresAt,
+        tokenType: tokens.token_type,
+        scope: tokens.scope,
+        lastRefreshed: Date.now(),
+    };
+}
+/**
+ * Convert stored credentials to MCP SDK client information format
+ */
+export function toClientInformation(creds) {
+    if (!creds.clientId) {
+        return undefined;
+    }
+    return {
+        client_id: creds.clientId,
+        client_secret: creds.clientSecret,
+        client_secret_expires_at: creds.clientSecretExpiresAt,
+    };
+}
+/**
+ * Check if stored tokens are expired or about to expire
+ */
+export function isTokenExpired(creds, bufferMs = 60000) {
+    if (!creds.accessToken || !creds.expiresAt) {
+        return true;
+    }
+    return Date.now() + bufferMs >= creds.expiresAt;
+}
+/**
+ * Check if we have a valid refresh token
+ */
+export function hasRefreshToken(creds) {
+    return !!creds.refreshToken;
+}
+/**
+ * Get device ID for telemetry
+ */
+export function getStoredDeviceId() {
+    return getDeviceId();
+}
+//# sourceMappingURL=storage.js.map

package/dist/auth/storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../src/auth/storage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGxF,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC9C,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;AACtE,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAErD,sBAAsB;AACtB,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,WAAW,GAAG,EAAE,CAAC;AAuBvB;;GAEG;AACH,SAAS,WAAW;IAClB,eAAe,EAAE,CAAC;IAElB,IAAI,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC/B,OAAO,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACtD,CAAC;IAED,2CAA2C;IAC3C,MAAM,EAAE,GAAG,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;IACpD,aAAa,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IAClC,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,IAAY;IAC7B,6CAA6C;IAC7C,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,GAAG,QAAQ,IAAI,QAAQ,EAAE,qBAAqB,CAAC;IAEnE,OAAO,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,IAAY;IAC3B,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAElC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,8CAA8C;IAC9C,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClG,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,aAAqB;IACpC,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEzE,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAE5B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe;IACtB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAsB,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,2DAA2D;QAC3D,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,WAA8B;IAC5D,eAAe,EAAE,CAAC;IAElB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,aAAa,CAAC,gBAAgB,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACjC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAwB;IACpD,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,YAAY,EAAE,KAAK,CAAC,WAAW;QAC/B,UAAU,EAAE,KAAK,CAAC,SAAS,IAAI,QAAQ;QACvC,aAAa,EAAE,KAAK,CAAC,YAAY;QACjC,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC3F,KAAK,EAAE,KAAK,CAAC,KAAK;KACnB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAAmB,EAAE,QAA4B;IAC/E,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAExF,OAAO;QACL,GAAG,QAAQ;QACX,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,QAAQ,EAAE,YAAY;QAC5D,SAAS;QACT,SAAS,EAAE,MAAM,CAAC,UAAU;QAC5B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE;KAC1B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAwB;IAC1D,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,aAAa,EAAE,KAAK,CAAC,YAAY;QACjC,wBAAwB,EAAE,KAAK,CAAC,qBAAqB;KACtD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAwB,EAAE,QAAQ,GAAG,KAAK;IACvE,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,KAAK,CAAC,SAAS,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAwB;IACtD,OAAO,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,EAAE,CAAC;AACvB,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * CLI entry point for MCP Gateway
+ *
+ * Usage:
+ *   npx @sonoma/mcp-gateway --config ./config.json
+ *   npx @sonoma/mcp-gateway --auto  # Auto-detect Claude Desktop config
+ *   npx @sonoma/mcp-gateway --login # Authenticate with Sonoma
+ */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}

package/dist/cli.js

@@ -0,0 +1,272 @@
+#!/usr/bin/env node
+/**
+ * CLI entry point for MCP Gateway
+ *
+ * Usage:
+ *   npx @sonoma/mcp-gateway --config ./config.json
+ *   npx @sonoma/mcp-gateway --auto  # Auto-detect Claude Desktop config
+ *   npx @sonoma/mcp-gateway --login # Authenticate with Sonoma
+ */
+import { parseArgs } from "node:util";
+import { readFileSync, existsSync } from "node:fs";
+import { McpGateway } from "./gateway";
+import { loadConfig, findClaudeDesktopConfig, loadFromParentConfig } from "./config";
+import { login, logout, getAuthStatus } from "./auth";
+import { SonomaClient } from "./sonoma-client";
+const DEFAULT_SONOMA_ENDPOINT = "https://app.sonoma.dev";
+const MDM_CONFIG_PATH = "/usr/local/etc/sonoma/config";
+/**
+ * Read org API key from MDM config file or environment
+ * Priority: 1. SONOMA_API_KEY env var, 2. /usr/local/etc/sonoma/config
+ */
+function getOrgApiKey() {
+    // Check env var first
+    if (process.env.SONOMA_API_KEY) {
+        return {
+            apiKey: process.env.SONOMA_API_KEY,
+            endpoint: process.env.SONOMA_ENDPOINT || null,
+        };
+    }
+    // Check MDM config file
+    if (existsSync(MDM_CONFIG_PATH)) {
+        try {
+            const content = readFileSync(MDM_CONFIG_PATH, "utf-8");
+            const lines = content.split("\n");
+            let apiKey = null;
+            let endpoint = null;
+            for (const line of lines) {
+                const [key, ...valueParts] = line.split("=");
+                const value = valueParts.join("=").trim();
+                if (key?.trim() === "API_KEY")
+                    apiKey = value;
+                if (key?.trim() === "ENDPOINT")
+                    endpoint = value;
+            }
+            return { apiKey, endpoint };
+        }
+        catch {
+            // Ignore read errors
+        }
+    }
+    return { apiKey: null, endpoint: null };
+}
+async function main() {
+    const { values } = parseArgs({
+        options: {
+            config: { type: "string", short: "c" },
+            auto: { type: "boolean", short: "a" },
+            // Read servers from parent config file (like Lasso MCP Gateway)
+            // This enables single-file config where servers are nested under our entry
+            "mcp-json-path": { type: "string" },
+            debug: { type: "boolean", short: "d" },
+            help: { type: "boolean", short: "h" },
+            version: { type: "boolean", short: "v" },
+            // Auth commands
+            login: { type: "boolean" },
+            logout: { type: "boolean" },
+            status: { type: "boolean" },
+            endpoint: { type: "string", short: "e" },
+        },
+        strict: true,
+    });
+    if (values.help) {
+        printHelp();
+        process.exit(0);
+    }
+    if (values.version) {
+        console.error("@sonoma/mcp-gateway v0.1.0");
+        process.exit(0);
+    }
+    // Auth commands
+    const sonomaEndpoint = values.endpoint || DEFAULT_SONOMA_ENDPOINT;
+    if (values.login) {
+        await login({ sonomaEndpoint, debug: values.debug });
+        process.exit(0);
+    }
+    if (values.logout) {
+        logout();
+        process.exit(0);
+    }
+    if (values.status) {
+        const status = getAuthStatus();
+        if (status.loggedIn) {
+            console.error("Logged in to:", status.endpoint);
+            console.error("Token expires:", status.expiresAt?.toISOString() || "unknown");
+            console.error("Has refresh token:", status.hasRefreshToken);
+        }
+        else {
+            console.error("Not logged in. Run: sonoma-gateway --login");
+        }
+        process.exit(0);
+    }
+    // Gateway mode
+    let config;
+    if (values["mcp-json-path"]) {
+        // Single-file config pattern (like Lasso MCP Gateway)
+        // Reads nested "servers" from parent config file
+        console.error(`Reading servers from: ${values["mcp-json-path"]}`);
+        config = loadFromParentConfig(values["mcp-json-path"]);
+    }
+    else if (values.config) {
+        config = loadConfig(values.config);
+    }
+    else if (values.auto) {
+        const claudeConfig = findClaudeDesktopConfig();
+        if (!claudeConfig) {
+            console.error("Could not find Claude Desktop config");
+            process.exit(1);
+        }
+        console.error(`Using Claude Desktop config: ${claudeConfig}`);
+        config = loadConfig(claudeConfig);
+    }
+    else {
+        console.error("No config specified. Use --config, --mcp-json-path, or --auto");
+        printHelp();
+        process.exit(1);
+    }
+    if (values.debug) {
+        config.debug = true;
+    }
+    // Set endpoint from CLI or config or MDM config
+    const orgConfig = getOrgApiKey();
+    if (!config.sonomaEndpoint) {
+        config.sonomaEndpoint = orgConfig.endpoint || sonomaEndpoint;
+    }
+    // Store org API key in config for gateway
+    if (orgConfig.apiKey) {
+        config.sonomaApiKey = orgConfig.apiKey;
+        if (values.debug) {
+            console.error("[cli] Found org API key from", process.env.SONOMA_API_KEY ? "env" : MDM_CONFIG_PATH);
+        }
+    }
+    // Check auth status and handle auto-login if needed
+    let authStatus = getAuthStatus();
+    if (!authStatus.loggedIn && !config.sonomaApiKey) {
+        // No OAuth token and no org API key - need to login
+        console.error("No authentication found. Opening browser to login...");
+        console.error("");
+        await login({ sonomaEndpoint: config.sonomaEndpoint, debug: values.debug });
+        authStatus = getAuthStatus();
+    }
+    // Fetch policy to check gatewayAuthMode
+    // Admin can require user_id mode which forces OAuth even if org key exists
+    if (config.sonomaEndpoint) {
+        const tempClient = new SonomaClient({
+            endpoint: config.sonomaEndpoint,
+            orgApiKey: config.sonomaApiKey,
+            debug: values.debug,
+        });
+        try {
+            const policy = await tempClient.fetchPolicy();
+            if (values.debug) {
+                console.error(`[cli] Policy: mode=${policy.mode}, authMode=${policy.gatewayAuthMode}`);
+            }
+            // If admin requires user_id mode but we only have org key, force OAuth login
+            if (policy.gatewayAuthMode === "user_id" && !authStatus.loggedIn) {
+                console.error("Organization requires user authentication for MCP visibility.");
+                console.error("Opening browser to login...");
+                console.error("");
+                await login({ sonomaEndpoint: config.sonomaEndpoint, debug: values.debug });
+                authStatus = getAuthStatus();
+                if (!authStatus.loggedIn) {
+                    console.error("Login required but not completed. Exiting.");
+                    process.exit(1);
+                }
+            }
+        }
+        catch (error) {
+            if (values.debug) {
+                console.error("[cli] Failed to fetch policy:", error);
+            }
+            // Continue anyway - gateway will retry policy fetch
+        }
+    }
+    if (values.debug) {
+        if (authStatus.loggedIn) {
+            console.error("[cli] Using OAuth token (user-linked telemetry)");
+        }
+        else if (config.sonomaApiKey) {
+            console.error("[cli] Using org API key (device-level telemetry)");
+        }
+    }
+    const gateway = new McpGateway(config);
+    // Handle shutdown gracefully
+    const shutdown = async () => {
+        console.error("\nShutting down...");
+        await gateway.stop();
+        process.exit(0);
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+    try {
+        await gateway.start();
+    }
+    catch (error) {
+        console.error("Failed to start gateway:", error);
+        process.exit(1);
+    }
+}
+function printHelp() {
+    // Use stderr for help output - stdout is reserved for MCP JSON-RPC
+    console.error(`
+@sonoma/mcp-gateway - Local MCP Gateway for tool-level visibility
+
+USAGE:
+  npx @sonoma/mcp-gateway [OPTIONS]
+
+OPTIONS:
+  -c, --config <path>      Path to gateway config JSON file
+  --mcp-json-path <path>   Read servers from parent MCP config (single-file mode)
+  -a, --auto               Auto-detect Claude Desktop config
+  -d, --debug              Enable debug logging
+  -h, --help               Show this help message
+  -v, --version            Show version
+
+AUTH OPTIONS:
+  --login               Authenticate with Sonoma (opens browser)
+  --logout              Clear stored credentials
+  --status              Show authentication status
+  -e, --endpoint <url>  Sonoma API endpoint (default: https://app.sonoma.dev)
+
+SINGLE-FILE CONFIG (recommended):
+  Configure in your Claude Desktop / Cursor config with nested "servers":
+  {
+    "mcpServers": {
+      "sonoma": {
+        "command": "npx",
+        "args": ["@sonoma/mcp-gateway", "--mcp-json-path", "~/.cursor/mcp.json"],
+        "env": { "SONOMA_API_KEY": "your-key" },
+        "servers": {
+          "filesystem": {
+            "command": "npx",
+            "args": ["@modelcontextprotocol/server-filesystem", "/tmp"]
+          }
+        }
+      }
+    }
+  }
+
+SEPARATE CONFIG FILE:
+  {
+    "servers": [
+      { "name": "filesystem", "command": "npx", "args": ["@modelcontextprotocol/server-filesystem", "/tmp"] }
+    ],
+    "sonomaEndpoint": "https://app.sonoma.dev"
+  }
+
+EXAMPLES:
+  # Single-file config (servers nested in Claude Desktop config)
+  npx @sonoma/mcp-gateway --mcp-json-path ~/.cursor/mcp.json
+
+  # Separate config file
+  npx @sonoma/mcp-gateway --config ./my-servers.json
+
+  # Auto-detect Claude Desktop config
+  npx @sonoma/mcp-gateway --auto
+`);
+}
+main().catch((error) => {
+    console.error("Fatal error:", error);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AACrF,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,uBAAuB,GAAG,wBAAwB,CAAC;AACzD,MAAM,eAAe,GAAG,8BAA8B,CAAC;AAEvD;;;GAGG;AACH,SAAS,YAAY;IACnB,sBAAsB;IACtB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QAC/B,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc;YAClC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI;SAC9C,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,GAAkB,IAAI,CAAC;YACjC,IAAI,QAAQ,GAAkB,IAAI,CAAC;YAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1C,IAAI,GAAG,EAAE,IAAI,EAAE,KAAK,SAAS;oBAAE,MAAM,GAAG,KAAK,CAAC;gBAC9C,IAAI,GAAG,EAAE,IAAI,EAAE,KAAK,UAAU;oBAAE,QAAQ,GAAG,KAAK,CAAC;YACnD,CAAC;YAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAC3B,OAAO,EAAE;YACP,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACtC,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE;YACrC,gEAAgE;YAChE,2EAA2E;YAC3E,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACnC,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE;YACtC,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE;YACrC,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE;YACxC,gBAAgB;YAChB,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YAC1B,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YAC3B,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YAC3B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;SACzC;QACD,MAAM,EAAE,IAAI;KACb,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,gBAAgB;IAChB,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,IAAI,uBAAuB,CAAC;IAElE,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,KAAK,CAAC,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,EAAE,CAAC;QACT,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;QAC/B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,IAAI,SAAS,CAAC,CAAC;YAC9E,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,eAAe;IACf,IAAI,MAAM,CAAC;IAEX,IAAI,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC5B,sDAAsD;QACtD,iDAAiD;QACjD,OAAO,CAAC,KAAK,CAAC,yBAAyB,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAClE,MAAM,GAAG,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;IACzD,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,YAAY,GAAG,uBAAuB,EAAE,CAAC;QAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;QAC9D,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;QAC/E,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,gDAAgD;IAChD,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,CAAC,cAAc,GAAG,SAAS,CAAC,QAAQ,IAAI,cAAc,CAAC;IAC/D,CAAC;IAED,0CAA0C;IAC1C,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC;QACvC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,IAAI,UAAU,GAAG,aAAa,EAAE,CAAC;IACjC,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACjD,oDAAoD;QACpD,OAAO,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;QACtE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClB,MAAM,KAAK,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC5E,UAAU,GAAG,aAAa,EAAE,CAAC;IAC/B,CAAC;IAED,wCAAwC;IACxC,2EAA2E;IAC3E,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC;YAClC,QAAQ,EAAE,MAAM,CAAC,cAAc;YAC/B,SAAS,EAAE,MAAM,CAAC,YAAY;YAC9B,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,WAAW,EAAE,CAAC;YAE9C,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,sBAAsB,MAAM,CAAC,IAAI,cAAc,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,6EAA6E;YAC7E,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACjE,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;gBAC/E,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBAC7C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAClB,MAAM,KAAK,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC5E,UAAU,GAAG,aAAa,EAAE,CAAC;gBAE7B,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;oBACzB,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;oBAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;YACxD,CAAC;YACD,oDAAoD;QACtD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACnE,CAAC;aAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IAEvC,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,KAAK,IAAmB,EAAE;QACzC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACpC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,mEAAmE;IACnE,OAAO,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuDf,CAAC,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Config loader for MCP Gateway
+ * Parses Claude Desktop / Cursor style MCP configs
+ */
+import type { GatewayConfig } from "./types";
+/**
+ * Load gateway config from a JSON file
+ */
+export declare function loadConfig(configPath: string): GatewayConfig;
+/**
+ * Load servers from parent MCP config file (single-file config pattern)
+ *
+ * This enables the Lasso MCP Gateway pattern where you configure:
+ * {
+ *   "mcpServers": {
+ *     "sonoma": {
+ *       "command": "npx",
+ *       "args": ["@sonoma/mcp-gateway", "--mcp-json-path", "~/.cursor/mcp.json"],
+ *       "servers": {
+ *         "filesystem": { "command": "npx", "args": ["@modelcontextprotocol/server-filesystem", "."] }
+ *       }
+ *     }
+ *   }
+ * }
+ *
+ * The gateway reads the parent config, finds its own entry, and extracts the nested "servers".
+ */
+export declare function loadFromParentConfig(configPath: string, gatewayName?: string): GatewayConfig;
+/**
+ * Find Claude Desktop config file
+ */
+export declare function findClaudeDesktopConfig(): string | null;
+/**
+ * Create a minimal test config
+ */
+export declare function createTestConfig(): GatewayConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAmB,MAAM,SAAS,CAAC;AAc9D;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,CAe5D;AAsBD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,SAAW,GAAG,aAAa,CAyD9F;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,GAAG,IAAI,CAwBvD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,aAAa,CAKhD"}

package/dist/config.js

@@ -0,0 +1,134 @@
+/**
+ * Config loader for MCP Gateway
+ * Parses Claude Desktop / Cursor style MCP configs
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+/**
+ * Load gateway config from a JSON file
+ */
+export function loadConfig(configPath) {
+    if (!existsSync(configPath)) {
+        throw new Error(`Config file not found: ${configPath}`);
+    }
+    const content = readFileSync(configPath, "utf-8");
+    const raw = JSON.parse(content);
+    // Check if this is a Claude Desktop style config
+    if ("mcpServers" in raw && raw.mcpServers) {
+        return convertClaudeConfig(raw);
+    }
+    // Otherwise treat as native gateway config
+    return raw;
+}
+/**
+ * Convert Claude Desktop config format to gateway config
+ */
+function convertClaudeConfig(config) {
+    const servers = [];
+    if (config.mcpServers) {
+        for (const [name, server] of Object.entries(config.mcpServers)) {
+            servers.push({
+                name,
+                command: server.command,
+                args: server.args,
+                env: server.env,
+            });
+        }
+    }
+    return { servers };
+}
+/**
+ * Load servers from parent MCP config file (single-file config pattern)
+ *
+ * This enables the Lasso MCP Gateway pattern where you configure:
+ * {
+ *   "mcpServers": {
+ *     "sonoma": {
+ *       "command": "npx",
+ *       "args": ["@sonoma/mcp-gateway", "--mcp-json-path", "~/.cursor/mcp.json"],
+ *       "servers": {
+ *         "filesystem": { "command": "npx", "args": ["@modelcontextprotocol/server-filesystem", "."] }
+ *       }
+ *     }
+ *   }
+ * }
+ *
+ * The gateway reads the parent config, finds its own entry, and extracts the nested "servers".
+ */
+export function loadFromParentConfig(configPath, gatewayName = "sonoma") {
+    const expandedPath = configPath.replace(/^~/, homedir());
+    if (!existsSync(expandedPath)) {
+        throw new Error(`Parent config file not found: ${expandedPath}`);
+    }
+    const content = readFileSync(expandedPath, "utf-8");
+    const raw = JSON.parse(content);
+    if (!raw.mcpServers) {
+        throw new Error(`No mcpServers found in ${expandedPath}`);
+    }
+    // Find our gateway entry - try common names
+    const gatewayNames = [gatewayName, "sonoma", "sonoma-gateway", "mcp-gateway"];
+    let gatewayEntry;
+    for (const name of gatewayNames) {
+        if (raw.mcpServers[name]) {
+            gatewayEntry = raw.mcpServers[name];
+            break;
+        }
+    }
+    if (!gatewayEntry?.servers) {
+        // Fall back to loading all servers except our own gateway
+        const servers = [];
+        for (const [name, server] of Object.entries(raw.mcpServers)) {
+            // Skip gateway entries (they have --mcp-json-path in args)
+            const isGateway = server.args?.some(arg => arg.includes("mcp-gateway") || arg.includes("--mcp-json-path"));
+            if (!isGateway) {
+                servers.push({
+                    name,
+                    command: server.command,
+                    args: server.args,
+                    env: server.env,
+                });
+            }
+        }
+        return { servers };
+    }
+    // Extract nested servers from gateway entry
+    const servers = [];
+    for (const [name, server] of Object.entries(gatewayEntry.servers)) {
+        servers.push({
+            name,
+            command: server.command,
+            args: server.args,
+            env: server.env,
+        });
+    }
+    return { servers };
+}
+/**
+ * Find Claude Desktop config file
+ */
+export function findClaudeDesktopConfig() {
+    const platform = process.platform;
+    let configPath;
+    if (platform === "darwin") {
+        configPath = join(homedir(), "Library", "Application Support", "Claude", "claude_desktop_config.json");
+    }
+    else if (platform === "win32") {
+        configPath = join(process.env.APPDATA || "", "Claude", "claude_desktop_config.json");
+    }
+    else {
+        // Linux
+        configPath = join(homedir(), ".config", "claude", "claude_desktop_config.json");
+    }
+    return existsSync(configPath) ? configPath : null;
+}
+/**
+ * Create a minimal test config
+ */
+export function createTestConfig() {
+    return {
+        servers: [],
+        debug: true,
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAejC;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,UAAkB;IAC3C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAwC,CAAC;IAEvE,iDAAiD;IACjD,IAAI,YAAY,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;QAC1C,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IAED,2CAA2C;IAC3C,OAAO,GAAoB,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAA2B;IACtD,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,GAAG,EAAE,MAAM,CAAC,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB,EAAE,WAAW,GAAG,QAAQ;IAC7E,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAEzD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,YAAY,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAwB,CAAC;IAEvD,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,4CAA4C;IAC5C,MAAM,YAAY,GAAG,CAAC,WAAW,EAAE,QAAQ,EAAE,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC9E,IAAI,YAAwC,CAAC;IAE7C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACpC,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,CAAC;QAC3B,0DAA0D;QAC1D,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,2DAA2D;YAC3D,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CACxC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAC/D,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,GAAG,EAAE,MAAM,CAAC,GAAG;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC;IAED,4CAA4C;IAC5C,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,GAAG,EAAE,MAAM,CAAC,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,UAAkB,CAAC;IACvB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,UAAU,GAAG,IAAI,CACf,OAAO,EAAE,EACT,SAAS,EACT,qBAAqB,EACrB,QAAQ,EACR,4BAA4B,CAC7B,CAAC;IACJ,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,UAAU,GAAG,IAAI,CACf,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,EACzB,QAAQ,EACR,4BAA4B,CAC7B,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,QAAQ;QACR,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO;QACL,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,IAAI;KACZ,CAAC;AACJ,CAAC"}